Securepoint Mail Security with Office365

Note

This article includes descriptions of third-party software and is based on the status at the time this page was created.
Changes to the user interface on the part of the manufacturer are possible at any time and must be taken into account accordingly in the implementation.
All information without warranty.

Example configuration of Mail Security with Office 365

Last adaptation to the version: 2025.10

New:

Neue Office-365 Intergration mit Assistenten

Routen werden mittels TXT-Record in der Domain authentifiziert und stehen unmittelbar zur Verfügung
Aktive Routen werden jetzt mit einer aktivierten Schaltfläche angezeigt

notempty

This article refers to a Beta version

03.2025

Introduction

This HowTo describes how to set up Securepoint Mail Security with Microsoft Office 365.

An email sent to an Microsoft office 365 mailbox is first received by the upstream Securepoint Mail Security.
Securepoint Mail Security scans the email for spam and malware. If non is detected, Mail Security forwards the email to the Office 365 mailbox.

The same applies to outgoing emails. When an email is sent from an Office 365 mailbox, Mail Security checks the outgoing email after it is sent from Office 365 for spam and malware. If no threats are detected, Mail Security forwards the email to its final destination.

Office-365 Integration

notempty

Nur für NFR-Lizenzen New as of 11.2025

O365 Integration mit Assistent
The following setup steps are required:

Set up an inbound and outbound route in Mail Security
Configure Office 365, assign domain, set up receive and send connectors
Adjust the DNS entries

notempty

This order is important to ensure that emails can continue to be delivered during setup process.

Fig.1

Aufruf des Menüs zur Syncvhroniesierung unter mail.security O365
Schaltfläche Starten der O365-Synchronisierung

Fig.2

Microsoft Benutzerkonto mit Adminrechten auswählen
Benötigt werden die Berechtigungen:

Anmelden und Benutzerprofil lesen

Read Domains

Vollständige Profile aller Benutzer lesen

Liegen die benötigten Berechtigungen nicht vor, erscheint ein Hinweis und der Assistent kann nicht fortgeführt werden

Fig.3

Akzeptieren

Fig.4

Domänen Vorschau

Fig.5

Gewünschte Domäne ausgewählen und Weiter

Fig.6

Domäne ist hinzugefügt (Grüner Kreis mit Häkchen in der letzten Spalte)
Weiter

Anzeige bei wiederholter Synchronisation

Fig.7

Postfächer auswählen Sync

Fig.8

Es wird empfohlen, eine Catch-All Adresse einzurichten

Fig.9

Route erstellen

Fig.10

Einträge, die bereits zuvor synchronisiert wurden, werden übersprungen

Fig.11

Es wurde automatisch eine eingehende Route und eine ausgehende Route erstellt

Fig.12

Beim wiederholten Synchronisieren werden bereits angelegte Porstfächer mit einem grünen Kreis mit Häkchen in der letzten Spalte angezeigt

Set up Microsoft 365

Configure the receive connector

A receive connector must be configured so that the Microsoft Exchange Online can receive emails from Mail Security.

Log in at https://admin.exchange.microsoft.com admin.exchange.microsoft.com], under Mail flow→ Connectors click the Add connector button

New Connector: Select Connection from Partner organization, Connection to will then be filled in automatically
Name: Choose an appropriate name and optionally a description
Sent email will be authenticated: select the second option and enter the IP address from the welcome email, then click on to ensure the IP address is added
the welcome email is received after ordering mail security
Security restrictions: The desired security restrictions can be configured
Verify connector: After succesfully testing the configuration, the receive connector is ready to use

Fig.1

Log in at admin.exchange.microsoft.com
Under Mail flow → Connectors click the Add connector button
New connector select Connection from Partner organization

Fig.2

Name choose an appropriateName and optionally add an description

Fig.3

Emails sent will be authenticated: select the second option and enter the IP address from the welcome email. Click on to ensure the IP address is added correctly

the welcome email is received after ordering Mail Security

Fig.4

Security restrictions: the desired security restrictions can be configured

Fig.5

Verify connector: Use the button Connector erstellen to verify the created connector

After a succesful configuration check, the receive connector is ready for use

Configure send connector

A send connector must be configured so that Microsoft Exchange can send emails to Securepoint Mail Security

Log in at admin.exchange.microsoft.com, under Mail flow → Connectors, click the Add connector button

New Connector: Select Connection from Office 365, Connection with Partnerorganisation
name: Choose an appropriate name and optionally add an description
Usage of the connector: Only, when I have set up a transport rule that redirects messages to this connector
Routing: route email through these smarthosts and use the smarthost from the outbound route in Mail Security under the Relay section
Security restrictions: Configure as desired
Validation email: Email address for verification
Verify connector: After succesfully testing the configuration, the send connector is ready for use

Afterward, a rule must be added to ensure this send connector can be used.

Fig.1

Log in at admin.exchange.microsoft.com
Under Mail flow→ Connectors click the Add connector button
New connector Select Connection from Office 365

Fig.2

name: Choose an appropriate name and optionally add an description

Fig.3

Usage of the connector: Only, when I have set up a transport rule that redirects messages to this connector

Fig.4

Routing: route email through these smarthosts

for the previously created outbound route in the mail security, go to edit and use the entry in the Relay section

This always follows the pattern meine-domain-de.relay.mymailwall.com
The specific relay domain can be viewed under Mailsecurity / Outgoing / Customer / Tab Routes / Edit route / Relay
Vorlage:Expand2

To apply the entry, click

Fig.5

Security restrictions: Configure as desired

Fig.6

Validation email: Enter an email address for verification

To apply the entry, click the button

Fig.7

Verfiy connector: Use the button Connector erstellen to verify the created connector

After a succesful configuration check, the receive connector is ready for use

Add rule

After the send connector has been set up, a rule must be created in Microsoft Office 365 to ensure that this connector can be used.

Log in at admin.exchange.microsoft.com, under Mail flow → Rules click the Add rule button

In the burger menu, select Create a new rule
Set the rule conditions:
1. Choose an appropriate name
2. Apply this rule, if: the recipient is external/internal outside the organization
3. Proceed as followed: Redirect message to the following connector and select the previously created connector there
Set rule settings: Adjust the conditions of this rule as desired
Review and complete: The configuration can be reviewed again and corrected if necessary
Use the Finish button to create this rule

notempty

After the creation, the rule must be activated manually. Until it is activated, no emails will be routed through Mail Security

To minimize downtime and avoid potential errors, the rule should only be activated after the MX record has already been switched to

Mail Security!

Fig.1

Log in at admin.exchange.microsoft.com, under Mail flow → Rules

Click the Add rule button

In the burger menu, select Crate a new rule

Fig.2

Define rule conditions: Choose an appropriate name

'Apply this rule, if The recipient is external/ internal

Fig.3

in the dialog window 'select recipient location' In Outside the organization

Fig.4

Proceed as followed: Redirect message to the following connector

Fig.5

in the dialog window Select connector, choose the previously created send connector TTT-Point Outbound

Fig.6

Set rule settings: Adjust the rule conditions as desired

Fig.7

Review and complete: The configuration can be reviewed again and corrected if necessary

Adjust DNS entries

First, two DNS entries of the affected domain must be adjusted, as emails are to be routed through the Mail Security server to Microsoft Office 365.

managed via the domain's DNS management

The MX record must be set to mx.mymailwall.com
the SPF record must be updated to include mymailwall.com

This can be verified using the following terminal command: host -t mx DOMAIN

host -t mx mx.ttt-point.de
mx.ttt-point.de mail is handled by 10 mx.mymailwall.com.

Once the DNS entries have been succesfully redirected, the previously created rule can be activated